From 21f5aba548e9162c2b461743c151be4392effdb9 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 19 Jul 2016 11:21:45 -0700 Subject: [PATCH 1/6] GUACAMOLE-5: Add sharing profiles to database schema. --- .../schema/001-create-schema.sql | 99 +++++++++++++++-- .../schema/002-create-admin-user.sql | 1 + .../schema/upgrade/upgrade-pre-0.9.10.sql | 88 +++++++++++++++ .../schema/001-create-schema.sql | 103 ++++++++++++++++-- .../schema/002-create-admin-user.sql | 1 + .../schema/upgrade/upgrade-pre-0.9.10.sql | 93 ++++++++++++++++ 6 files changed, 366 insertions(+), 19 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql index 4201638cc..47dfe3bde 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql 
@@ -106,6 +106,30 @@ CREATE TABLE `guacamole_user` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- +-- Table of sharing profiles. Each sharing profile has a name, associated set +-- of parameters, and a primary connection. The primary connection is the +-- connection that the sharing profile shares, and the parameters dictate the +-- restrictions/features which apply to the user joining the connection via the +-- sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile ( + + `sharing_profile_id` int(11) NOT NULL AUTO_INCREMENT, + `sharing_profile_name` varchar(128) NOT NULL, + `primary_connection_id` int(11) NOT NULL, + + PRIMARY KEY (`sharing_profile_id`), + UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id), + + CONSTRAINT `guacamole_sharing_profile_ibfk_1` + FOREIGN KEY (`primary_connection_id`) + REFERENCES `guacamole_connection` (`connection_id`) + ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + -- -- Table of connection parameters. Each parameter is simply a name/value pair -- associated with a connection. 
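Review bot: The new `CREATE TABLE guacamole_sharing_profile (` line leaves the table name unquoted, and the column list of the `sharing_profile_name_primary` unique key is unquoted too, while the surrounding statements in this schema file backtick-quote every identifier. The two tables added in the hunks that follow (`guacamole_sharing_profile_parameter` and `guacamole_sharing_profile_permission`) do the same and also declare their ID columns as `integer` where `sharing_profile_id` itself is `int(11)`; the copies in the MySQL upgrade-pre-0.9.10.sql repeat both. MySQL accepts either spelling, so this is only a consistency point; I would write ``CREATE TABLE `guacamole_sharing_profile` (`` and `int(11)` throughout. The comment on the parameter table also reads "is simply name/value pair" and is missing an "a".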
@@ -125,6 +149,27 @@ CREATE TABLE `guacamole_connection_parameter` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- +-- Table of sharing profile parameters. Each parameter is simply +-- name/value pair associated with a sharing profile. These parameters dictate +-- the restrictions/features which apply to the user joining the associated +-- connection via the sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile_parameter ( + + `sharing_profile_id` integer NOT NULL, + `parameter_name` varchar(128) NOT NULL, + `parameter_value` varchar(4096) NOT NULL, + + PRIMARY KEY (`sharing_profile_id`, `parameter_name`), + + CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1` + FOREIGN KEY (`sharing_profile_id`) + REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + -- -- Table of connection permissions. Each connection permission grants a user -- specific access to a connection. @@ -177,6 +222,32 @@ CREATE TABLE `guacamole_connection_group_permission` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- +-- Table of sharing profile permissions. Each sharing profile permission grants +-- a user specific access to a sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile_permission ( + + `user_id` integer NOT NULL, + `sharing_profile_id` integer NOT NULL, + `permission` enum('READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER') NOT NULL, + + PRIMARY KEY (`user_id`, `sharing_profile_id`, `permission`), + + CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1` + FOREIGN KEY (`sharing_profile_id`) + REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE, + + CONSTRAINT `guacamole_sharing_profile_permission_ibfk_2` + FOREIGN KEY (`user_id`) + REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + -- -- Table of system permissions. Each system permission grants a user a -- system-level privilege of some kind. 
@@ -186,7 +257,8 @@ CREATE TABLE `guacamole_system_permission` ( `user_id` int(11) NOT NULL, `permission` enum('CREATE_CONNECTION', - 'CREATE_CONNECTION_GROUP', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', 'CREATE_USER', 'ADMINISTER') NOT NULL, @@ -232,27 +304,34 @@ CREATE TABLE `guacamole_user_permission` ( CREATE TABLE `guacamole_connection_history` ( - `history_id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) DEFAULT NULL, - `username` varchar(128) NOT NULL, - `connection_id` int(11) DEFAULT NULL, - `connection_name` varchar(128) NOT NULL, - `start_date` datetime NOT NULL, - `end_date` datetime DEFAULT NULL, + `history_id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) DEFAULT NULL, + `username` varchar(128) NOT NULL, + `connection_id` int(11) DEFAULT NULL, + `connection_name` varchar(128) NOT NULL, + `sharing_profile_id` int(11) DEFAULT NULL, + `sharing_profile_name` varchar(128) DEFAULT NULL, + `start_date` datetime NOT NULL, + `end_date` datetime DEFAULT NULL, PRIMARY KEY (`history_id`), KEY `user_id` (`user_id`), KEY `connection_id` (`connection_id`), + KEY `sharing_profile_id` (`sharing_profile_id`), KEY `start_date` (`start_date`), KEY `end_date` (`end_date`), CONSTRAINT `guacamole_connection_history_ibfk_1` FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE, + REFERENCES `guacamole_user` (`user_id`) ON DELETE SET NULL, CONSTRAINT `guacamole_connection_history_ibfk_2` FOREIGN KEY (`connection_id`) - REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE + REFERENCES `guacamole_connection` (`connection_id`) ON DELETE SET NULL + + CONSTRAINT `guacamole_connection_history_ibfk_3` + FOREIGN KEY (`sharing_profile_id`) + REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE SET NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 
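Review bot: In the `guacamole_connection_history` hunk, the rewritten `guacamole_connection_history_ibfk_2` clause now ends in `ON DELETE SET NULL` with no trailing comma, yet the new `guacamole_connection_history_ibfk_3` constraint follows it, so the CREATE TABLE statement is not valid SQL as written. A fresh MySQL install would presumably fail at this statement and be left without the connection history table, which is the record of who connected to what. The line should read ``REFERENCES `guacamole_connection` (`connection_id`) ON DELETE SET NULL,``; the PostgreSQL version of the same change has the comma.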
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql index a0710e2cc..cc73a01ef 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql @@ -29,6 +29,7 @@ SELECT user_id, permission FROM ( SELECT 'guacadmin' AS username, 'CREATE_CONNECTION' AS permission UNION SELECT 'guacadmin' AS username, 'CREATE_CONNECTION_GROUP' AS permission + UNION SELECT 'guacadmin' AS username, 'CREATE_SHARING_PROFILE' AS permission UNION SELECT 'guacadmin' AS username, 'CREATE_USER' AS permission UNION SELECT 'guacadmin' AS username, 'ADMINISTER' AS permission ) permissions diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.10.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.10.sql index 13a57dda4..4e601325f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.10.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.10.sql 
@@ -94,3 +94,91 @@ ALTER TABLE guacamole_connection_history ALTER TABLE guacamole_connection_group ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT 0; +-- +-- Add new system-level permission +-- + +ALTER TABLE `guacamole_system_permission` + MODIFY `permission` enum('CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'ADMINISTER') NOT NULL; + +-- +-- Add sharing profile table +-- + +CREATE TABLE guacamole_sharing_profile ( + + `sharing_profile_id` int(11) NOT NULL AUTO_INCREMENT, + `sharing_profile_name` varchar(128) NOT NULL, + `primary_connection_id` int(11) NOT NULL, + + PRIMARY KEY (`sharing_profile_id`), + UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id), + + CONSTRAINT `guacamole_sharing_profile_ibfk_1` + FOREIGN KEY (`primary_connection_id`) + REFERENCES `guacamole_connection` (`connection_id`) + ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Add table of sharing profile parameters +-- + +CREATE TABLE guacamole_sharing_profile_parameter ( + + `sharing_profile_id` integer NOT NULL, + `parameter_name` varchar(128) NOT NULL, + `parameter_value` varchar(4096) NOT NULL, + + PRIMARY KEY (`sharing_profile_id`, `parameter_name`), + + CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1` + FOREIGN KEY (`sharing_profile_id`) + REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Object-level permission table for sharing profiles +-- + +CREATE TABLE guacamole_sharing_profile_permission ( + + `user_id` integer NOT NULL, + `sharing_profile_id` integer NOT NULL, + `permission` enum('READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER') NOT NULL, + + PRIMARY KEY (`user_id`, `sharing_profile_id`, `permission`), + + CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1` + FOREIGN KEY (`sharing_profile_id`) + REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE 
CASCADE, + + CONSTRAINT `guacamole_sharing_profile_permission_ibfk_2` + FOREIGN KEY (`user_id`) + REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Add new (optional) sharing profile ID and name columns to connection history +-- + +ALTER TABLE guacamole_connection_history + ADD COLUMN sharing_profile_id INT(11); + +ALTER TABLE guacamole_connection_history + ADD COLUMN sharing_profile_name VARCHAR(128); + +ALTER TABLE guacamole_connection_history + ADD CONSTRAINT guacamole_connection_history_ibfk_3 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql index 3a84ba54f..2720e3790 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql @@ -44,6 +44,7 @@ CREATE TYPE guacamole_object_permission_type AS ENUM( CREATE TYPE guacamole_system_permission_type AS ENUM( 'CREATE_CONNECTION', 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', 'CREATE_USER', 'ADMINISTER' ); 
@@ -148,6 +149,34 @@ CREATE TABLE guacamole_user ( ); +-- +-- Table of sharing profiles. Each sharing profile has a name, associated set +-- of parameters, and a primary connection. The primary connection is the +-- connection that the sharing profile shares, and the parameters dictate the +-- restrictions/features which apply to the user joining the connection via the +-- sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile ( + + sharing_profile_id serial NOT NULL, + sharing_profile_name varchar(128) NOT NULL, + primary_connection_id integer NOT NULL, + + PRIMARY KEY (sharing_profile_id), + + CONSTRAINT sharing_profile_name_primary + UNIQUE (sharing_profile_name, primary_connection_id), + + CONSTRAINT guacamole_sharing_profile_ibfk_1 + FOREIGN KEY (primary_connection_id) + REFERENCES guacamole_connection (connection_id) + ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile(primary_connection_id); + -- -- Table of connection parameters. Each parameter is simply a name/value pair -- associated with a connection. 
@@ -169,6 +198,29 @@ CREATE TABLE guacamole_connection_parameter ( CREATE INDEX ON guacamole_connection_parameter(connection_id); +-- +-- Table of sharing profile parameters. Each parameter is simply +-- name/value pair associated with a sharing profile. These parameters dictate +-- the restrictions/features which apply to the user joining the associated +-- connection via the sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile_parameter ( + + sharing_profile_id integer NOT NULL, + parameter_name varchar(128) NOT NULL, + parameter_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, parameter_name), + + CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id); + -- -- Table of connection permissions. Each connection permission grants a user -- specific access to a connection. 
@@ -221,6 +273,32 @@ CREATE TABLE guacamole_connection_group_permission ( CREATE INDEX ON guacamole_connection_group_permission(connection_group_id); CREATE INDEX ON guacamole_connection_group_permission(user_id); +-- +-- Table of sharing profile permissions. Each sharing profile permission grants +-- a user specific access to a sharing profile. +-- + +CREATE TABLE guacamole_sharing_profile_permission ( + + user_id integer NOT NULL, + sharing_profile_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (user_id,sharing_profile_id,permission), + + CONSTRAINT guacamole_sharing_profile_permission_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_sharing_profile_permission_ibfk_2 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id); +CREATE INDEX ON guacamole_sharing_profile_permission(user_id); + -- -- Table of system permissions. Each system permission grants a user a -- system-level privilege of some kind. 
@@ -275,27 +353,34 @@ CREATE INDEX ON guacamole_user_permission(user_id); CREATE TABLE guacamole_connection_history ( - history_id serial NOT NULL, - user_id integer DEFAULT NULL, - username varchar(128) NOT NULL, - connection_id integer DEFAULT NULL, - connection_name varchar(128) NOT NULL, - start_date timestamptz NOT NULL, - end_date timestamptz DEFAULT NULL, + history_id serial NOT NULL, + user_id integer DEFAULT NULL, + username varchar(128) NOT NULL, + connection_id integer DEFAULT NULL, + connection_name varchar(128) NOT NULL, + sharing_profile_id integer DEFAULT NULL, + sharing_profile_name varchar(128) NOT NULL, + start_date timestamptz NOT NULL, + end_date timestamptz DEFAULT NULL, PRIMARY KEY (history_id), CONSTRAINT guacamole_connection_history_ibfk_1 FOREIGN KEY (user_id) - REFERENCES guacamole_user (user_id) ON DELETE CASCADE, + REFERENCES guacamole_user (user_id) ON DELETE SET NULL, CONSTRAINT guacamole_connection_history_ibfk_2 FOREIGN KEY (connection_id) - REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL, + + CONSTRAINT guacamole_connection_history_ibfk_3 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL ); CREATE INDEX ON guacamole_connection_history(user_id); CREATE INDEX ON guacamole_connection_history(connection_id); +CREATE INDEX ON guacamole_connection_history(sharing_profile_id); CREATE INDEX ON guacamole_connection_history(start_date); CREATE INDEX ON guacamole_connection_history(end_date); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql index 9163ea8f6..feeb9ad22 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql 
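Review bot: `sharing_profile_name varchar(128) NOT NULL` in the `guacamole_connection_history` hunk disagrees with the rest of the patch: the MySQL schema declares this column `DEFAULT NULL`, and both upgrade scripts add it as a plain nullable column under a comment calling it optional. On a fresh PostgreSQL install a history row for a session that did not use a sharing profile would have to supply a name or be rejected, so, depending on how the mapper fills the column (not visible here), ordinary connections could fail to be recorded. Fresh and upgraded databases would also end up with different constraints on the same table. I would declare it `sharing_profile_name varchar(128) DEFAULT NULL` to match.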
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql @@ -31,6 +31,7 @@ FROM ( VALUES ('guacadmin', 'CREATE_CONNECTION'), ('guacadmin', 'CREATE_CONNECTION_GROUP'), + ('guacadmin', 'CREATE_SHARING_PROFILE'), ('guacadmin', 'CREATE_USER'), ('guacadmin', 'ADMINISTER') ) permissions (username, permission) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql index baaa4ff93..60ffdca19 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql 
@@ -95,3 +95,96 @@ ALTER TABLE guacamole_connection_history ALTER TABLE guacamole_connection_group ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE; +-- +-- Add new system-level permission +-- + +ALTER TYPE guacamole_system_permission_type + ADD VALUE 'CREATE_SHARING_PROFILE' + AFTER 'CREATE_CONNECTION_GROUP'; + +-- +-- Add sharing profile table +-- + +CREATE TABLE guacamole_sharing_profile ( + + sharing_profile_id serial NOT NULL, + sharing_profile_name varchar(128) NOT NULL, + primary_connection_id integer NOT NULL, + + PRIMARY KEY (sharing_profile_id), + + CONSTRAINT sharing_profile_name_primary + UNIQUE (sharing_profile_name, primary_connection_id), + + CONSTRAINT guacamole_sharing_profile_ibfk_1 + FOREIGN KEY (primary_connection_id) + REFERENCES guacamole_connection (connection_id) + ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile(primary_connection_id); + +-- +-- Add table of sharing profile parameters +-- + +CREATE TABLE guacamole_sharing_profile_parameter ( + + sharing_profile_id integer NOT NULL, + parameter_name varchar(128) NOT NULL, + parameter_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, parameter_name), + + CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id); + +-- +-- Object-level permission table for sharing profiles +-- + +CREATE TABLE guacamole_sharing_profile_permission ( + + user_id integer NOT NULL, + sharing_profile_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (user_id,sharing_profile_id,permission), + + CONSTRAINT guacamole_sharing_profile_permission_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_sharing_profile_permission_ibfk_2 + FOREIGN KEY 
(user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id); +CREATE INDEX ON guacamole_sharing_profile_permission(user_id); + +-- +-- Add new (optional) sharing profile ID and name columns to connection history +-- + +ALTER TABLE guacamole_connection_history + ADD COLUMN sharing_profile_id integer; + +ALTER TABLE guacamole_connection_history + ADD COLUMN sharing_profile_name varchar(128); + +ALTER TABLE guacamole_connection_history + ADD CONSTRAINT guacamole_connection_history_ibfk_3 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL; + +CREATE INDEX ON guacamole_connection_history(sharing_profile_id); From cfac865807e59d026d8bf3daa84d4fcfde9fedf4 Mon Sep 17 00:00:00 2001 
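Review bot: The `ALTER TYPE guacamole_system_permission_type ADD VALUE 'CREATE_SHARING_PROFILE'` statement at the top of this hunk cannot run inside a transaction block on PostgreSQL releases before 12, so the upgrade fails if it is applied with `psql --single-transaction` or through a migration tool that wraps each script in a transaction. Nothing in the script tells the administrator this. I would add a comment above the statement, for example `-- NOTE: ALTER TYPE ... ADD VALUE cannot run inside a transaction block on older PostgreSQL; apply this script without a wrapping transaction.`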
From: Michael Jumper Date: Tue, 19 Jul 2016 13:59:47 -0700 Subject: [PATCH 2/6] GUACAMOLE-5: Map sharing profile model objects to database schema. --- .../JDBCAuthenticationProviderModule.java | 10 +- ...er.java => ConnectionParameterMapper.java} | 6 +- ...del.java => ConnectionParameterModel.java} | 2 +- .../jdbc/connection/ConnectionService.java | 14 +- .../SharingProfilePermissionMapper.java | 28 ++++ .../sharingprofile/SharingProfileMapper.java | 91 +++++++++++ .../sharingprofile/SharingProfileModel.java | 112 ++++++++++++++ .../SharingProfileParameterMapper.java | 72 +++++++++ .../SharingProfileParameterModel.java | 108 +++++++++++++ .../AbstractGuacamoleTunnelService.java | 10 +- ...pper.xml => ConnectionParameterMapper.xml} | 6 +- .../SharingProfilePermissionMapper.xml | 117 ++++++++++++++ .../sharingprofile/SharingProfileMapper.xml | 145 ++++++++++++++++++ .../SharingProfileParameterMapper.xml | 68 ++++++++ ...pper.xml => ConnectionParameterMapper.xml} | 6 +- .../SharingProfilePermissionMapper.xml | 117 ++++++++++++++ .../sharingprofile/SharingProfileMapper.xml | 145 ++++++++++++++++++ .../SharingProfileParameterMapper.xml | 68 ++++++++ 18 files changed, 1101 insertions(+), 24 deletions(-) rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/{ParameterMapper.java => ConnectionParameterMapper.java} (90%) rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/{ParameterModel.java => ConnectionParameterModel.java} (98%) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java create mode 100644 
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterModel.java rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/{ParameterMapper.xml => ConnectionParameterMapper.xml} (93%) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/{ParameterMapper.xml => ConnectionParameterMapper.xml} (93%) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java index 76725a6b8..35b15affe 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java @@ -32,7 +32,6 @@ import org.apache.guacamole.auth.jdbc.user.UserDirectory; import org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper; -import org.apache.guacamole.auth.jdbc.connection.ParameterMapper; import org.apache.guacamole.auth.jdbc.permission.SystemPermissionMapper; import org.apache.guacamole.auth.jdbc.user.UserMapper; import org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupService; 
@@ -59,6 +58,10 @@ import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissio import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissionSet; import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionService; import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection; +import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper; +import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper; import org.apache.guacamole.auth.jdbc.tunnel.RestrictedGuacamoleTunnelService; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.mybatis.guice.MyBatisModule; @@ -118,8 +121,11 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { addMapperClass(ConnectionGroupPermissionMapper.class); addMapperClass(ConnectionPermissionMapper.class); addMapperClass(ConnectionRecordMapper.class); - addMapperClass(ParameterMapper.class); + addMapperClass(ConnectionParameterMapper.class); addMapperClass(SystemPermissionMapper.class); + addMapperClass(SharingProfileMapper.class); + addMapperClass(SharingProfileParameterMapper.class); + addMapperClass(SharingProfilePermissionMapper.class); addMapperClass(UserMapper.class); addMapperClass(UserPermissionMapper.class); 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.java similarity index 90% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.java index d152e600e..8ba3e24c8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.java @@ -27,7 +27,7 @@ import org.apache.ibatis.annotations.Param; * * @author Michael Jumper */ -public interface ParameterMapper { +public interface ConnectionParameterMapper { /** * Returns a collection of all parameters associated with the connection @@ -42,7 +42,7 @@ public interface ParameterMapper { * having the given identifier. This collection will be empty if no * such connection exists. */ - Collection select(@Param("identifier") String identifier); + Collection select(@Param("identifier") String identifier); /** * Inserts each of the parameter model objects in the given collection as @@ -54,7 +54,7 @@ public interface ParameterMapper { * @return * The number of rows inserted. */ - int insert(@Param("parameters") Collection parameters); + int insert(@Param("parameters") Collection parameters); /** * Deletes all parameters associated with the connection having the given 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterModel.java similarity index 98% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterModel.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterModel.java index f4cff99f3..4750de296 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ParameterModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterModel.java @@ -24,7 +24,7 @@ package org.apache.guacamole.auth.jdbc.connection; * * @author Michael Jumper */ -public class ParameterModel { +public class ConnectionParameterModel { /** * The identifier of the connection associated with this parameter. diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java index 7195b4714..70bffbb98 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java 
@@ -70,7 +70,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService getParameterModels(ModeledConnection connection) { + private Collection getParameterModels(ModeledConnection connection) { Map parameters = connection.getConfiguration().getParameters(); // Convert parameters to model objects - Collection parameterModels = new ArrayList(parameters.size()); + Collection parameterModels = new ArrayList(parameters.size()); for (Map.Entry parameterEntry : parameters.entrySet()) { // Get parameter name and value @@ -214,7 +214,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService parameterModels = getParameterModels(connection); + Collection parameterModels = getParameterModels(connection); if (!parameterModels.isEmpty()) parameterMapper.insert(parameterModels); @@ -253,7 +253,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService parameterModels = getParameterModels(object); + Collection parameterModels = getParameterModels(object); parameterMapper.delete(object.getIdentifier()); if (!parameterModels.isEmpty()) parameterMapper.insert(parameterModels); 
@@ -332,7 +332,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService { + + /** + * Selects the identifiers of all sharing profiles associated with the given + * primary connection, regardless of whether they are readable by any + * particular user. This should only be called on behalf of a system + * administrator. If identifiers are needed by a non-administrative user who + * must have explicit read rights, use selectReadableIdentifiersWithin() + * instead. + * + * @param primaryConnectionIdentifier + * The identifier of the primary connection. + * + * @return + * A Set containing all identifiers of all objects. + */ + Set selectIdentifiersWithin( + @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier); + + /** + * Selects the identifiers of all sharing profiles associated with the given + * primary connection that are explicitly readable by the given user. If + * identifiers are needed by a system administrator (who, by definition, + * does not need explicit read rights), use selectIdentifiersWithin() + * instead. + * + * @param user + * The user whose permissions should determine whether an identifier + * is returned. + * + * @param primaryConnectionIdentifier + * The identifier of the primary connection. + * + * @return + * A Set containing all identifiers of all readable objects. + */ + Set selectReadableIdentifiersWithin(@Param("user") UserModel user, + @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier); + + /** + * Selects the sharing profile associated with the given primary connection + * and having the given name. If no such sharing profile exists, null is + * returned. + * + * @param primaryConnectionIdentifier + * The identifier of the primary connection to search against. + * + * @param name + * The name of the sharing profile to find. 
+ *
+ * @return
+ * The sharing profile having the given name and associated with the
+ * given primary connection, or null if no such sharing profile exists.
+ */
+ SharingProfileModel selectOneByName(
+ @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier,
+ @Param("name") String name);
+
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java
new file mode 100644
index 000000000..939884b6d
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java
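Review bot: `selectOneByName` takes no user argument, so it returns the matching sharing profile whether or not the requesting user may read it, yet its Javadoc does not say so the way `selectIdentifiersWithin` does earlier in this interface. A caller that hands the result straight back could skip the per-user read check that `selectReadableIdentifiersWithin` applies. I would add to the Javadoc: `This lookup applies no permission check; callers must verify the requesting user's read access before returning the result.` The interface declaration line itself is not visible in this hunk as rendered.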
@@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.jdbc.sharingprofile; + +import org.apache.guacamole.auth.jdbc.base.ObjectModel; + +/** + * Object representation of a Guacamole sharing profile, as represented in the + * database. + * + * @author Michael Jumper + */ +public class SharingProfileModel extends ObjectModel { + + /** + * The human-readable name associated with this sharing profile. + */ + private String name; + + /** + * The identifier of the primary connection associated with this + * sharing profile. + */ + private String primaryConnectionIdentifier; + + /** + * Creates a new, empty sharing profile. + */ + public SharingProfileModel() { + } + + /** + * Returns the name associated with this sharing profile. + * + * @return + * The name associated with this sharing profile. + */ + public String getName() { + return name; + } + + /** + * Sets the name associated with this sharing profile. + * + * @param name + * The name to associate with this sharing profile. + */ + public void setName(String name) { + this.name = name; + } + + /** + * Returns the identifier of the primary connection associated with this + * sharing profile. 
+ * + * @return + * The identifier of the primary connection associated with this + * sharing profile. + */ + public String getPrimaryConnectionIdentifier() { + return primaryConnectionIdentifier; + } + + /** + * Sets the identifier of the primary connection associated with this + * sharing profile. + * + * @param primaryConnectionIdentifier + * The identifier of the primary connection associated with this + * sharing profile. + */ + public void setPrimaryConnectionIdentifier(String primaryConnectionIdentifier) { + this.primaryConnectionIdentifier = primaryConnectionIdentifier; + } + + @Override + public String getIdentifier() { + + // If no associated ID, then no associated identifier + Integer id = getObjectID(); + if (id == null) + return null; + + // Otherwise, the identifier is the ID as a string + return id.toString(); + + } + + @Override + public void setIdentifier(String identifier) { + throw new UnsupportedOperationException("Sharing profile identifiers " + + "are derived from IDs. They cannot be set."); + } + +} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.java new file mode 100644 index 000000000..14dacaf2b --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.java 
@@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.jdbc.sharingprofile; + +import java.util.Collection; +import org.apache.ibatis.annotations.Param; + +/** + * Mapper for sharing profile parameter objects. + * + * @author Michael Jumper + */ +public interface SharingProfileParameterMapper { + + /** + * Returns a collection of all parameters associated with the sharing + * profile having the given identifier. + * + * @param identifier + * The identifier of the sharing profile whose parameters are to be + * retrieved. + * + * @return + * A collection of all parameters associated with the sharing profile + * having the given identifier. This collection will be empty if no + * such sharing profile exists. + */ + Collection select(@Param("identifier") String identifier); + + /** + * Inserts each of the parameter model objects in the given collection as + * new sharing profile parameters. + * + * @param parameters + * The sharing profile parameters to insert. + * + * @return + * The number of rows inserted. 
+ */
+ int insert(@Param("parameters") Collection parameters);
+
+ /**
+ * Deletes all parameters associated with the sharing profile having the
+ * given identifier.
+ *
+ * @param identifier
+ * The identifier of the sharing profile whose parameters should be
+ * deleted.
+ *
+ * @return
+ * The number of rows deleted.
+ */
+ int delete(@Param("identifier") String identifier);
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterModel.java
new file mode 100644
index 000000000..0332b03f9
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterModel.java
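Review bot: The Javadoc for `insert` does not say whether the collection may be empty, although ConnectionService elsewhere in this patch guards its equivalent call with `if (!parameterModels.isEmpty())`. If the mapper statement builds its `VALUES` list from the collection, as the XML mappers in this patch appear to, an empty collection would presumably produce invalid SQL. I would extend the `@param parameters` text with `Must not be empty.` so callers of the new mapper keep the same guard.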
@@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.jdbc.sharingprofile; + +/** + * A single parameter name/value pair belonging to a sharing profile. + * + * @author Michael Jumper + */ +public class SharingProfileParameterModel { + + /** + * The identifier of the sharing profile associated with this parameter. + */ + private String sharingProfileIdentifier; + + /** + * The name of the parameter. + */ + private String name; + + /** + * The value the parameter is set to. + */ + private String value; + + /** + * Returns the identifier of the sharing profile associated with this + * parameter. + * + * @return + * The identifier of the sharing profile associated with this + * parameter. + */ + public String getSharingProfileIdentifier() { + return sharingProfileIdentifier; + } + + /** + * Sets the identifier of the sharing profile associated with this + * parameter. + * + * @param sharingProfileIdentifier + * The identifier of the sharing profile to associate with this + * parameter. 
+ */
+ public void setSharingProfileIdentifier(String sharingProfileIdentifier) {
+ this.sharingProfileIdentifier = sharingProfileIdentifier;
+ }
+
+ /**
+ * Returns the name of this parameter.
+ *
+ * @return
+ * The name of this parameter.
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the name of this parameter.
+ *
+ * @param name
+ * The name of this parameter.
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Returns the value of this parameter.
+ *
+ * @return
+ * The value of this parameter.
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the value of this parameter.
+ *
+ * @param value
+ * The value of this parameter.
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
index 1b65ab823..82af02db9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
@@ -35,10 +35,9 @@ import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser; import org.apache.guacamole.auth.jdbc.connection.ModeledConnection; import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper; -import org.apache.guacamole.auth.jdbc.connection.ParameterMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionModel; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel; -import org.apache.guacamole.auth.jdbc.connection.ParameterModel; +import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel; import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; @@ -55,6 +54,7 @@ import org.apache.guacamole.protocol.GuacamoleConfiguration; import org.apache.guacamole.token.StandardTokens; import org.apache.guacamole.token.TokenFilter; import org.mybatis.guice.transactional.Transactional; +import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper; /** @@ -88,7 +88,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS * Mapper for accessing connection parameters. */ @Inject - private ParameterMapper parameterMapper; + private ConnectionParameterMapper parameterMapper; /** * Mapper for accessing connection history. @@ -217,8 +217,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS config.setProtocol(model.getProtocol()); // Set parameters from associated data - Collection parameters = parameterMapper.select(connection.getIdentifier()); - for (ParameterModel parameter : parameters) + Collection parameters = parameterMapper.select(connection.getIdentifier()); + for (ConnectionParameterModel parameter : parameters) config.setParameter(parameter.getName(), parameter.getValue()); // Build token filter containing credential tokens 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml similarity index 93% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml index 11db08931..ac128ff13 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml @@ -21,10 +21,10 @@ under the License. --> - + - + @@ -48,7 +48,7 @@ - + INSERT INTO guacamole_connection_parameter ( connection_id, diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml new file mode 100644 index 000000000..e7c1d88a8 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml 
@@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile_permission + WHERE (user_id, permission, sharing_profile_id) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + + + + INSERT IGNORE INTO guacamole_sharing_profile_permission ( + user_id, + permission, + sharing_profile_id + ) + VALUES + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml new file mode 100644 index 000000000..8b8727fe9 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile + WHERE sharing_profile_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_sharing_profile ( + sharing_profile_name, + primary_connection_id + ) + VALUES ( + #{object.name,jdbcType=VARCHAR}, + #{object.primaryConnectionIdentifier,jdbcType=VARCHAR}, + ) + + + + + + UPDATE guacamole_sharing_profile + SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, + primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=VARCHAR} + WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER} + + + \ No newline at end of file 
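Review bot: The INSERT added in the MySQL SharingProfileMapper.xml ends its VALUES list with a trailing comma: `#{object.primaryConnectionIdentifier,jdbcType=VARCHAR},` is followed directly by `)`. MySQL rejects that as a syntax error, so creating a sharing profile through this mapper would fail at runtime. Drop the comma so the line reads `#{object.primaryConnectionIdentifier,jdbcType=VARCHAR}`, as the PostgreSQL mapper in this patch already does. A mapper-level test that inserts one profile against each backend would catch this kind of divergence.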
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml new file mode 100644 index 000000000..65c309fdf --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile_parameter + WHERE sharing_profile_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_sharing_profile_parameter ( + sharing_profile_id, + parameter_name, + parameter_value + ) + VALUES + + (#{parameter.sharingProfileIdentifier,jdbcType=VARCHAR}, + #{parameter.name,jdbcType=VARCHAR}, + #{parameter.value,jdbcType=VARCHAR}) + + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml similarity index 93% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml index 2039e8a24..3f3af752d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ParameterMapper.xml 
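Review bot: The MySQL SharingProfileParameterMapper.xml binds string identifiers as `jdbcType=VARCHAR` against `sharing_profile_id`, which patch 1 declares as `int(11)` on guacamole_sharing_profile, while the PostgreSQL mapper in this patch casts with `::integer`. MySQL compares a string with an integer column by numeric conversion, so an identifier that is not purely digits may be coerced rather than rejected, depending on SQL mode, whereas PostgreSQL would raise an error for the same input. The same binding appears in the MySQL SharingProfileMapper.xml and SharingProfilePermissionMapper.xml hunks. I would have the service layer reject non-numeric identifiers before they reach the mapper, so both backends behave identically and a permission check cannot be keyed on a different string than the row it resolves to.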
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml @@ -21,10 +21,10 @@ under the License. --> - + - + @@ -48,7 +48,7 @@ - + INSERT INTO guacamole_connection_parameter ( connection_id, diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml new file mode 100644 index 000000000..6f65edb03 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile_permission + WHERE (user_id, permission, sharing_profile_id) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) + + + + + + + + INSERT INTO guacamole_sharing_profile_permission ( + user_id, + permission, + sharing_profile_id + ) + VALUES + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml new file mode 100644 index 000000000..ca49a9913 --- /dev/null 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile + WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer + + + + + + INSERT INTO guacamole_sharing_profile ( + sharing_profile_name, + primary_connection_id + ) + VALUES ( + #{object.name,jdbcType=VARCHAR}, + #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer + ) + + + + + + UPDATE guacamole_sharing_profile + SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, + primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer + WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}::integer + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml new file mode 100644 index 000000000..dc7badcde --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_sharing_profile_parameter + WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer + + + + + + INSERT INTO guacamole_sharing_profile_parameter ( + sharing_profile_id, + parameter_name, + parameter_value + ) + VALUES + + (#{parameter.sharingProfileIdentifier,jdbcType=INTEGER}::integer, + #{parameter.name,jdbcType=VARCHAR}, + #{parameter.value,jdbcType=VARCHAR}) + + + + + + \ No newline at end of file 
From 53a856b285c65b519f73492e40ddce640d70f14f Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 19 Jul 2016 16:03:11 -0700 Subject: [PATCH 3/6] GUACAMOLE-5: Add sharing profile properties to connection record model. --- .../connection/ConnectionRecordModel.java | 68 ++++++++++++++++++- .../connection/ModeledConnectionRecord.java | 4 +- .../connection/ConnectionRecordMapper.xml | 24 +++++-- .../connection/ConnectionRecordMapper.xml | 24 +++++-- 4 files changed, 105 insertions(+), 15 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordModel.java index e383e25fc..8e027fe8a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordModel.java @@ -23,7 +23,8 @@ import java.util.Date; /** * A single connection record representing a past usage of a particular - * connection. + * connection. If the connection was being shared, the sharing profile used to + * join the connection is included in the record. * * @author Michael Jumper */ 
@@ -39,6 +40,21 @@ public class ConnectionRecordModel {
 */
 private String connectionName;
 
+ /**
+ * The identifier of the sharing profile associated with this connection
+ * record. If no sharing profile was used, or the sharing profile that was
+ * used was deleted, this will be null.
+ */
+ private String sharingProfileIdentifier;
+
+ /**
+ * The name of the sharing profile associated with this connection record.
+ * If no sharing profile was used, this will be null. If the sharing profile
+ * that was used was deleted, this will still contain the name of the
+ * sharing profile at the time that the connection was used.
+ */
+ private String sharingProfileName;
+
 /**
 * The database ID of the user associated with this connection record.
 */
@@ -110,6 +126,56 @@ public class ConnectionRecordModel {
 this.connectionName = connectionName;
 }
 
+ /**
+ * Returns the identifier of the sharing profile associated with this
+ * connection record. If no sharing profile was used, or the sharing profile
+ * that was used was deleted, this will be null.
+ *
+ * @return
+ * The identifier of the sharing profile associated with this connection
+ * record, or null if no sharing profile was used or if the sharing
+ * profile that was used was deleted.
+ */
+ public String getSharingProfileIdentifier() {
+ return sharingProfileIdentifier;
+ }
+
+ /**
+ * Sets the identifier of the sharing profile associated with this
+ * connection record. If no sharing profile was used, this should be null.
+ *
+ * @param sharingProfileIdentifier
+ * The identifier of the sharing profile associated with this
+ * connection record, or null if no sharing profile was used.
+ */
+ public void setSharingProfileIdentifier(String sharingProfileIdentifier) {
+ this.sharingProfileIdentifier = sharingProfileIdentifier;
+ }
+
+ /**
+ * Returns the human-readable name of the sharing profile associated with this
+ * connection record. If no sharing profile was used, this will be null.
+ *
+ * @return
+ * The human-readable name of the sharing profile associated with this
+ * connection record, or null if no sharing profile was used.
+ */
+ public String getSharingProfileName() {
+ return sharingProfileName;
+ }
+
+ /**
+ * Sets the human-readable name of the sharing profile associated with this
+ * connection record. If no sharing profile was used, this should be null.
+ *
+ * @param sharingProfileName
+ * The human-readable name of the sharing profile associated with this
+ * connection record, or null if no sharing profile was used.
+ */
+ public void setSharingProfileName(String sharingProfileName) {
+ this.sharingProfileName = sharingProfileName;
+ }
+
 /**
 * Returns the database ID of the user associated with this connection
 * record.
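Review bot: The Javadoc on `getSharingProfileName` says only that the value is null when no sharing profile was used, while the field comment added in the previous hunk states that the name is retained after the profile is deleted. Because this is connection history, the getter should carry the same statement so that consumers do not read a non-null name as proof that the profile still exists. I would add `If the sharing profile has since been deleted, this is the name it had when the connection was used.` to the getter's description. The class body continues outside the hunk.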
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java index 41a5fdb34..33de621f5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java @@ -60,12 +60,12 @@ public class ModeledConnectionRecord implements ConnectionRecord { @Override public String getSharingProfileIdentifier() { - return null; + return model.getSharingProfileIdentifier(); } @Override public String getSharingProfileName() { - return null; + return model.getSharingProfileName(); } @Override diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 3adcde2c2..989379057 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -25,12 +25,14 @@ - - - - - - + + + + + + + + 
@@ -39,6 +41,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, @@ -58,6 +62,8 @@ INSERT INTO guacamole_connection_history ( connection_id, connection_name, + sharing_profile_id, + sharing_profile_name, user_id, username, start_date, @@ -66,6 +72,8 @@ VALUES ( #{record.connectionIdentifier,jdbcType=VARCHAR}, #{record.connectionName,jdbcType=VARCHAR}, + #{record.sharingProfileIdentifier,jdbcType=VARCHAR}, + #{record.sharingProfileName,jdbcType=VARCHAR}, (SELECT user_id FROM guacamole_user WHERE username = #{record.username,jdbcType=VARCHAR}), #{record.username,jdbcType=VARCHAR}, @@ -81,6 +89,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, @@ -136,6 +146,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 9e395a432..455ce6849 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -25,12 +25,14 @@ - - - - - - + + + + + + + + @@ -39,6 +41,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, @@ -58,6 +62,8 @@ INSERT INTO guacamole_connection_history ( connection_id, connection_name, + sharing_profile_id, + sharing_profile_name, user_id, username, start_date, @@ -66,6 +72,8 @@ VALUES ( #{record.connectionIdentifier,jdbcType=INTEGER}::integer, #{record.connectionName,jdbcType=VARCHAR}, + #{record.sharingProfileIdentifier,jdbcType=INTEGER}::integer, + #{record.sharingProfileName,jdbcType=VARCHAR}, (SELECT user_id FROM guacamole_user WHERE username = #{record.username,jdbcType=VARCHAR}), #{record.username,jdbcType=VARCHAR}, @@ -81,6 +89,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, @@ -134,6 +144,8 @@ SELECT guacamole_connection_history.connection_id, guacamole_connection_history.connection_name, + guacamole_connection_history.sharing_profile_id, + guacamole_connection_history.sharing_profile_name, guacamole_connection_history.user_id, guacamole_connection_history.username, guacamole_connection_history.start_date, From a03b76d9dda02849a26e90815ac312448fad39ef Mon Sep 17 00:00:00 2001 
From: Michael Jumper Date: Tue, 19 Jul 2016 16:11:45 -0700 Subject: [PATCH 4/6] GUACAMOLE-5: Expose sharing profiles via a Directory on the UserContext according to granted permissions. --- .../JDBCAuthenticationProviderModule.java | 10 + .../SharingProfilePermissionService.java | 66 ++++ .../SharingProfilePermissionSet.java | 44 +++ .../sharingprofile/ModeledSharingProfile.java | 110 ++++++ .../SharingProfileDirectory.java | 85 +++++ .../sharingprofile/SharingProfileService.java | 328 ++++++++++++++++++ .../guacamole/auth/jdbc/user/UserContext.java | 16 +- 7 files changed, 655 insertions(+), 4 deletions(-) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionSet.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileDirectory.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java index 35b15affe..71d784a52 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java @@ -60,8 +60,13 @@ import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionService; import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection; import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; +import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService; +import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionSet; +import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory; import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper; import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService; import org.apache.guacamole.auth.jdbc.tunnel.RestrictedGuacamoleTunnelService; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.mybatis.guice.MyBatisModule; @@ -141,8 +146,11 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { bind(ModeledConnection.class); bind(ModeledConnectionGroup.class); bind(ModeledGuacamoleConfiguration.class); + bind(ModeledSharingProfile.class); bind(ModeledUser.class); bind(RootConnectionGroup.class); + bind(SharingProfileDirectory.class); + bind(SharingProfilePermissionSet.class); bind(SystemPermissionSet.class); bind(TrackedActiveConnection.class); bind(UserContext.class); 
@@ -159,6 +167,8 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { bind(GuacamoleTunnelService.class).to(RestrictedGuacamoleTunnelService.class); bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class); bind(SaltService.class).to(SecureRandomSaltService.class); + bind(SharingProfilePermissionService.class); + bind(SharingProfileService.class); bind(SystemPermissionService.class); bind(UserPermissionService.class); bind(UserService.class); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java new file mode 100644 index 000000000..7c12afd20 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java 
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting sharing profile permissions. This service will automatically enforce
+ * the permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfilePermissionService extends ModeledObjectPermissionService {
+
+ /**
+ * Mapper for sharing profile permissions.
+ */
+ @Inject
+ private SharingProfilePermissionMapper sharingProfilePermissionMapper;
+
+ /**
+ * Provider for sharing profile permission sets.
+ */
+ @Inject
+ private Provider sharingProfilePermissionSetProvider;
+
+ @Override
+ protected ObjectPermissionMapper getPermissionMapper() {
+ return sharingProfilePermissionMapper;
+ }
+
+ @Override
+ public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+ ModeledUser targetUser) throws GuacamoleException {
+
+ // Create permission set for requested user
+ ObjectPermissionSet permissionSet = sharingProfilePermissionSetProvider.get();
+ permissionSet.init(user, targetUser);
+
+ return permissionSet;
+
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionSet.java
new file mode 100644
index 000000000..77cb37e5d
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionSet.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the sharing profile permissions associated
+ * with a particular user.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfilePermissionSet extends ObjectPermissionSet {
+
+ /**
+ * Service for querying and manipulating sharing profile permissions.
+ */
+ @Inject
+ private SharingProfilePermissionService sharingProfilePermissionService;
+
+ @Override
+ protected ObjectPermissionService getObjectPermissionService() {
+ return sharingProfilePermissionService;
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java
new file mode 100644
index 000000000..318efedb4
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.jdbc.sharingprofile; + +import com.google.inject.Inject; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObject; +import org.apache.guacamole.form.Form; +import org.apache.guacamole.net.auth.SharingProfile; + +/** + * An implementation of the SharingProfile object which is backed by a database + * model. + * + * @author Michael Jumper + */ +public class ModeledSharingProfile + extends ModeledDirectoryObject + implements SharingProfile { + + /** + * All possible attributes of sharing profile objects organized as + * individual, logical forms. Currently, there are no such attributes. + */ + public static final Collection
ATTRIBUTES = Collections.emptyList(); + + /** + * The manually-set parameter map, if any. + */ + private Map parameters = null; + + /** + * Service for managing sharing profiles. + */ + @Inject + private SharingProfileService sharingProfileService; + + /** + * Creates a new, empty ModeledSharingProfile. + */ + public ModeledSharingProfile() { + } + + @Override + public String getName() { + return getModel().getName(); + } + + @Override + public void setName(String name) { + getModel().setName(name); + } + + @Override + public String getPrimaryConnectionIdentifier() { + return getModel().getPrimaryConnectionIdentifier(); + } + + @Override + public void setPrimaryConnectionIdentifier(String identifier) { + getModel().setPrimaryConnectionIdentifier(identifier); + } + + @Override + public Map getParameters() { + + // Retrieve visible parameters, if not overridden by setParameters() + if (parameters == null) + return sharingProfileService.retrieveParameters(getCurrentUser(), + getModel().getIdentifier()); + + return parameters; + + } + + @Override + public void setParameters(Map parameters) { + this.parameters = parameters; + } + + @Override + public Map getAttributes() { + return Collections.emptyMap(); + } + + @Override + public void setAttributes(Map attributes) { + // Do nothing - no attributes + } + +} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileDirectory.java new file mode 100644 index 000000000..65512748e --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileDirectory.java 
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.RestrictedObject;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.SharingProfile;
+import org.mybatis.guice.transactional.Transactional;
+
+/**
+ * Implementation of the SharingProfile Directory which is driven by an
+ * underlying, arbitrary database.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfileDirectory extends RestrictedObject
+ implements Directory {
+
+ /**
+ * Service for managing sharing profile objects.
+ */
+ @Inject
+ private SharingProfileService sharingProfileService;
+
+ @Override
+ public SharingProfile get(String identifier) throws GuacamoleException {
+ return sharingProfileService.retrieveObject(getCurrentUser(), identifier);
+ }
+
+ @Override
+ @Transactional
+ public Collection getAll(Collection identifiers) throws GuacamoleException {
+ return Collections.unmodifiableCollection(
+ sharingProfileService.retrieveObjects(getCurrentUser(), identifiers)
+ );
+ }
+
+ @Override
+ @Transactional
+ public Set getIdentifiers() throws GuacamoleException {
+ return sharingProfileService.getIdentifiers(getCurrentUser());
+ }
+
+ @Override
+ @Transactional
+ public void add(SharingProfile object) throws GuacamoleException {
+ sharingProfileService.createObject(getCurrentUser(), object);
+ }
+
+ @Override
+ @Transactional
+ public void update(SharingProfile object) throws GuacamoleException {
+ ModeledSharingProfile sharingProfile = (ModeledSharingProfile) object;
+ sharingProfileService.updateObject(getCurrentUser(), sharingProfile);
+ }
+
+ @Override
+ @Transactional
+ public void remove(String identifier) throws GuacamoleException {
+ sharingProfileService.deleteObject(getCurrentUser(), identifier);
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java
new file mode 100644
index 000000000..11c70d23a
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java
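Review bot: `update()` downcasts its argument with `(ModeledSharingProfile) object` and no type check, so a `SharingProfile` produced by any other implementation surfaces as a `ClassCastException` rather than a `GuacamoleException` the caller is prepared for. A guard such as `if (!(object instanceof ModeledSharingProfile)) throw new GuacamoleClientException("Sharing profile was not retrieved from this directory.");` would keep the failure inside the declared exception contract; `GuacamoleClientException` is not imported in this file yet. `get()` is also the only method of the class without `@Transactional`; if that is deliberate, a one-line comment saying why would help the next reader.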
@@ -0,0 +1,328 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.jdbc.sharingprofile; + +import com.google.inject.Inject; +import com.google.inject.Provider; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; +import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.GuacamoleClientException; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; +import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; +import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; +import org.apache.guacamole.net.auth.SharingProfile; +import org.apache.guacamole.net.auth.permission.ObjectPermission; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.net.auth.permission.SystemPermission; +import org.apache.guacamole.net.auth.permission.SystemPermissionSet; + +/** + * Service which provides convenience methods for creating, retrieving, and + * 
manipulating sharing profiles. + * + * @author Michael Jumper + */ +public class SharingProfileService + extends ModeledDirectoryObjectService { + + /** + * Mapper for accessing sharing profiles. + */ + @Inject + private SharingProfileMapper sharingProfileMapper; + + /** + * Mapper for manipulating sharing profile permissions. + */ + @Inject + private SharingProfilePermissionMapper sharingProfilePermissionMapper; + + /** + * Mapper for accessing sharing profile parameters. + */ + @Inject + private SharingProfileParameterMapper parameterMapper; + + /** + * Provider for creating sharing profiles. + */ + @Inject + private Provider sharingProfileProvider; + + @Override + protected ModeledDirectoryObjectMapper getObjectMapper() { + return sharingProfileMapper; + } + + @Override + protected ObjectPermissionMapper getPermissionMapper() { + return sharingProfilePermissionMapper; + } + + @Override + protected ModeledSharingProfile getObjectInstance(AuthenticatedUser currentUser, + SharingProfileModel model) { + ModeledSharingProfile sharingProfile = sharingProfileProvider.get(); + sharingProfile.init(currentUser, model); + return sharingProfile; + } + + @Override + protected SharingProfileModel getModelInstance(AuthenticatedUser currentUser, + final SharingProfile object) { + + // Create new ModeledSharingProfile backed by blank model + SharingProfileModel model = new SharingProfileModel(); + ModeledSharingProfile sharingProfile = getObjectInstance(currentUser, model); + + // Set model contents through ModeledSharingProfile, copying the + // provided sharing profile + sharingProfile.setPrimaryConnectionIdentifier(object.getPrimaryConnectionIdentifier()); + sharingProfile.setName(object.getName()); + sharingProfile.setParameters(object.getParameters()); + sharingProfile.setAttributes(object.getAttributes()); + + return model; + + } + + @Override + protected boolean hasCreatePermission(AuthenticatedUser user) + throws GuacamoleException { + + // Return whether user has 
explicit sharing profile creation permission + SystemPermissionSet permissionSet = user.getUser().getSystemPermissions(); + return permissionSet.hasPermission(SystemPermission.Type.CREATE_SHARING_PROFILE); + + } + + @Override + protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user) + throws GuacamoleException { + + // Return permissions related to sharing profiles + return user.getUser().getSharingProfilePermissions(); + + } + + @Override + protected void beforeCreate(AuthenticatedUser user, + SharingProfileModel model) throws GuacamoleException { + + super.beforeCreate(user, model); + + // Name must not be blank + if (model.getName() == null || model.getName().trim().isEmpty()) + throw new GuacamoleClientException("Sharing profile names must not be blank."); + + // Do not attempt to create duplicate sharing profiles + SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); + if (existing != null) + throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists."); + + } + + @Override + protected void beforeUpdate(AuthenticatedUser user, + SharingProfileModel model) throws GuacamoleException { + + super.beforeUpdate(user, model); + + // Name must not be blank + if (model.getName() == null || model.getName().trim().isEmpty()) + throw new GuacamoleClientException("Sharing profile names must not be blank."); + + // Check whether such a sharing profile is already present + SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); + if (existing != null) { + + // If the specified name matches a DIFFERENT existing sharing profile, the update cannot continue + if (!existing.getObjectID().equals(model.getObjectID())) + throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists."); + + } + + } + + /** + * Given an arbitrary Guacamole sharing 
profile, produces a collection of + * parameter model objects containing the name/value pairs of that + * sharing profile's parameters. + * + * @param sharingProfile + * The sharing profile whose configuration should be used to produce the + * collection of parameter models. + * + * @return + * A collection of parameter models containing the name/value pairs + * of the given sharing profile's parameters. + */ + private Collection getParameterModels(ModeledSharingProfile sharingProfile) { + + Map parameters = sharingProfile.getParameters(); + + // Convert parameters to model objects + Collection parameterModels = new ArrayList(parameters.size()); + for (Map.Entry parameterEntry : parameters.entrySet()) { + + // Get parameter name and value + String name = parameterEntry.getKey(); + String value = parameterEntry.getValue(); + + // There is no need to insert empty parameters + if (value == null || value.isEmpty()) + continue; + + // Produce model object from parameter + SharingProfileParameterModel model = new SharingProfileParameterModel(); + model.setSharingProfileIdentifier(sharingProfile.getIdentifier()); + model.setName(name); + model.setValue(value); + + // Add model to list + parameterModels.add(model); + + } + + return parameterModels; + + } + + @Override + public ModeledSharingProfile createObject(AuthenticatedUser user, SharingProfile object) + throws GuacamoleException { + + // Create sharing profile + ModeledSharingProfile sharingProfile = super.createObject(user, object); + sharingProfile.setParameters(object.getParameters()); + + // Insert new parameters, if any + Collection parameterModels = getParameterModels(sharingProfile); + if (!parameterModels.isEmpty()) + parameterMapper.insert(parameterModels); + + return sharingProfile; + + } + + @Override + public void updateObject(AuthenticatedUser user, ModeledSharingProfile object) + throws GuacamoleException { + + // Update sharing profile + super.updateObject(user, object); + + // Replace existing 
parameters with new parameters, if any + Collection parameterModels = getParameterModels(object); + parameterMapper.delete(object.getIdentifier()); + if (!parameterModels.isEmpty()) + parameterMapper.insert(parameterModels); + + } + + /** + * Returns the set of all identifiers for all sharing profiles associated + * with the given primary connection. Only sharing profiles that the user + * has read access to will be returned. + * + * Permission to read the primary connection having the given identifier is + * NOT checked. + * + * @param user + * The user retrieving the identifiers. + * + * @param identifier + * The identifier of the primary connection. + * + * @return + * The set of all identifiers for all sharing profiles associated with + * the primary connection having the given identifier that the user has + * read access to. + * + * @throws GuacamoleException + * If an error occurs while reading identifiers. + */ + public Set getIdentifiersWithin(AuthenticatedUser user, + String identifier) + throws GuacamoleException { + + // Bypass permission checks if the user is a system admin + if (user.getUser().isAdministrator()) + return sharingProfileMapper.selectIdentifiersWithin(identifier); + + // Otherwise only return explicitly readable identifiers + else + return sharingProfileMapper.selectReadableIdentifiersWithin( + user.getUser().getModel(), identifier); + + } + + /** + * Retrieves all parameters visible to the given user and associated with + * the sharing profile having the given identifier. If the given user has no + * access to such parameters, or no such sharing profile exists, the + * returned map will be empty. + * + * @param user + * The user retrieving sharing profile parameters. + * + * @param identifier + * The identifier of the sharing profile whose parameters are being + * retrieved. + * + * @return + * A new map of all parameter name/value pairs that the given user has + * access to. 
+ */ + public Map retrieveParameters(AuthenticatedUser user, + String identifier) { + + Map parameterMap = new HashMap(); + + // Determine whether we have permission to read parameters + boolean canRetrieveParameters; + try { + canRetrieveParameters = hasObjectPermission(user, identifier, + ObjectPermission.Type.UPDATE); + } + + // Provide empty (but mutable) map if unable to check permissions + catch (GuacamoleException e) { + return parameterMap; + } + + // Populate parameter map if we have permission to do so + if (canRetrieveParameters) { + for (SharingProfileParameterModel parameter : parameterMapper.select(identifier)) + parameterMap.put(parameter.getName(), parameter.getValue()); + } + + return parameterMap; + + } + +} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserContext.java index 7cb52f07e..5ddea97ba 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserContext.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserContext.java 
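Review bot: `beforeCreate` and `beforeUpdate` validate only the name and the uniqueness of the (primary connection, name) pair; nothing in this hunk checks that `model.getPrimaryConnectionIdentifier()` is non-null or that the user holds any permission on that connection. Unless `super.beforeCreate`/`super.beforeUpdate` (not visible here) already cover it, a user holding `CREATE_SHARING_PROFILE` could attach a profile to a connection they do not administer, and the "already exists" error would confirm profile names on connections they cannot read. A small helper that requires access to the primary connection, called from both hooks before `selectOneByName`, closes this; the sketch below requires UPDATE and exempts administrators, but which permission type to require is a policy decision. `GuacamoleSecurityException` would need importing in this file.

```java
// … unchanged: super.beforeCreate(user, model) and the blank-name check …

// Require access to the primary connection before probing for duplicates
verifyPrimaryConnectionAccess(user, model.getPrimaryConnectionIdentifier());

// … unchanged: duplicate-name check; the same call is added to beforeUpdate …

private void verifyPrimaryConnectionAccess(AuthenticatedUser user,
        String connectionIdentifier) throws GuacamoleException {

    // A sharing profile is meaningless without a primary connection
    if (connectionIdentifier == null)
        throw new GuacamoleClientException("Sharing profiles must have a primary connection.");

    // Administrators are exempt, as in getIdentifiersWithin()
    if (user.getUser().isAdministrator())
        return;

    // Everyone else needs explicit permission on the connection being shared
    if (!user.getUser().getConnectionPermissions()
            .hasPermission(ObjectPermission.Type.UPDATE, connectionIdentifier))
        throw new GuacamoleSecurityException("Permission denied.");

}
```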
@@ -26,13 +26,14 @@ import org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory; import com.google.inject.Inject; import com.google.inject.Provider; import java.util.Collection; -import java.util.Collections; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.base.RestrictedObject; import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionDirectory; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordSet; import org.apache.guacamole.auth.jdbc.connection.ModeledConnection; import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup; +import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory; import org.apache.guacamole.form.Form; import org.apache.guacamole.net.auth.ActiveConnection; import org.apache.guacamole.net.auth.AuthenticationProvider; @@ -41,7 +42,6 @@ import org.apache.guacamole.net.auth.ConnectionGroup; import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.SharingProfile; import org.apache.guacamole.net.auth.User; -import org.apache.guacamole.net.auth.simple.SimpleDirectory; /** * UserContext implementation which is driven by an arbitrary, underlying @@ -80,6 +80,13 @@ public class UserContext extends RestrictedObject @Inject private ConnectionGroupDirectory connectionGroupDirectory; + /** + * Sharing profile directory restricted by the permissions of the user + * associated with this context. + */ + @Inject + private SharingProfileDirectory sharingProfileDirectory; + /** * ActiveConnection directory restricted by the permissions of the user * associated with this context. @@ -108,6 +115,7 @@ public class UserContext extends RestrictedObject userDirectory.init(currentUser); connectionDirectory.init(currentUser); connectionGroupDirectory.init(currentUser); + sharingProfileDirectory.init(currentUser); activeConnectionDirectory.init(currentUser); } 
@@ -140,7 +148,7 @@ public class UserContext extends RestrictedObject
 @Override
 public Directory getSharingProfileDirectory() throws GuacamoleException {
- return new SimpleDirectory();
+ return sharingProfileDirectory;
 }
 @Override
@@ -184,7 +192,7 @@ public class UserContext extends RestrictedObject
 @Override
 public Collection getSharingProfileAttributes() {
- return Collections.emptyList();
+ return ModeledSharingProfile.ATTRIBUTES;
 }
 }
From c304a981e1f0c4e975f6d5a492cf3a8453609cb4 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Tue, 19 Jul 2016 16:47:31 -0700
Subject: [PATCH 5/6] GUACAMOLE-5: Expose sharing profile permissions.
---
 .../apache/guacamole/auth/jdbc/user/ModeledUser.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
index 26bdbcfc2..72ee6917c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -38,6 +38,7 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissionService;
 import org.apache.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
 import org.apache.guacamole.auth.jdbc.permission.UserPermissionService;
 import org.apache.guacamole.form.BooleanField;
 import org.apache.guacamole.form.DateField;
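Review bot: `getSharingProfileAttributes()` in `UserContext` now hands every caller the shared static `ModeledSharingProfile.ATTRIBUTES` where it used to return an immutable empty list, and nothing in this hunk shows that collection to be unmodifiable. Its declaration is outside the hunk; if it is a plain mutable collection, any caller that adds to or clears the result would change the attribute forms seen by every other user context. I would make the declaration itself unmodifiable, e.g. wrap its initializer in `Collections.unmodifiableCollection(...)` inside `ModeledSharingProfile`, rather than copying at this return site, since the same patch removes the `java.util.Collections` import from `UserContext`.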
@@ -49,7 +50,6 @@ import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.net.auth.permission.SystemPermission;
 import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
-import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -160,6 +160,12 @@ public class ModeledUser extends ModeledDirectoryObject implements Us
 @Inject
 private ConnectionGroupPermissionService connectionGroupPermissionService;
+ /**
+ * Service for retrieving sharing profile permissions.
+ */
+ @Inject
+ private SharingProfilePermissionService sharingProfilePermissionService;
+
 /**
 * Service for retrieving active connection permissions.
 */
@@ -255,7 +261,7 @@ public class ModeledUser extends ModeledDirectoryObject implements Us
 @Override
 public ObjectPermissionSet getSharingProfilePermissions() throws GuacamoleException {
- return new SimpleObjectPermissionSet();
+ return sharingProfilePermissionService.getPermissionSet(getCurrentUser(), this);
 }
 @Override
From fc05224512679e82f9c1e43ee18e53e8eed7555a Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Tue, 19 Jul 2016 16:52:19 -0700
Subject: [PATCH 6/6] GUACAMOLE-5: Expose sharing profiles at connection level.
---
 .../auth/jdbc/connection/ModeledConnection.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java
index 6cd30d4bb..f605a90e2 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java
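Review bot: `getSharingProfilePermissions()` in `ModeledUser` goes from an always-empty set to stored permission data about `this` user, returned to whoever `getCurrentUser()` is, and the hunk contains no check that the caller may read the target user's permissions. Presumably `SharingProfilePermissionService.getPermissionSet` enforces that, but its body is not part of this hunk, so the guarantee cannot be confirmed from here. A one-line comment above the return, such as `// Read access to this user's permissions is enforced by the permission service`, would record where the check lives once that is verified. A test that a non-administrative user cannot read another user's sharing profile permissions would pin the behaviour.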
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java @@ -32,6 +32,7 @@ import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject; +import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService; import org.apache.guacamole.form.Field; import org.apache.guacamole.form.Form; import org.apache.guacamole.form.NumericField; @@ -99,6 +100,12 @@ public class ModeledConnection extends ModeledGroupedDirectoryObject getSharingProfileIdentifiers() throws GuacamoleException { - return Collections.emptySet(); + return sharingProfileService.getIdentifiersWithin(getCurrentUser(), getIdentifier()); } @Override